This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP SAMM Project"
Line 201: | Line 201: | ||
* Spanish | * Spanish | ||
* Japanese | * Japanese | ||
− | |||
Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the [https://www.owasp.org/images/c/cf/05_OWASP_LatamTur2011_OpenSAMM.pdf presentation]. | Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the [https://www.owasp.org/images/c/cf/05_OWASP_LatamTur2011_OpenSAMM.pdf presentation]. | ||
+ | Hubert Grégoire and Sebastien Gioria created a French translation of the OpenSAMM 1.0 Overview presentation available for download [https://www.owasp.org/images/f/fd/OpenSAMM-1.0-fr_FR.ppt here]. | ||
You can use [http://crowdin.net/project/owasp-samm Crowdin] to help improve these translations or add new ones right now! | You can use [http://crowdin.net/project/owasp-samm Crowdin] to help improve these translations or add new ones right now! |
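Review bot: the added French-translation line labels its .ppt download link with the bare word "here", while the line above it labels its link "presentation"; a descriptive label (for example the title of the overview presentation) would read better when the link is seen out of context. The added line is also placed directly under the Carlos Allendes sentence with no blank line between them, so the two will render as a single paragraph; insert a blank line if they are meant to be separate entries.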
Revision as of 15:55, 10 January 2016
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
The foundation of the model is built upon the core business functions of software development with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs.
Download SAMM v1.0:
- in English - PDF, English - XML
- in Spanish - PDF, Spanish - XML
- in Japanese - PDF, not available as XML
Trainings:
- Recent OWASP SAMM 1-Day training slide deck delivered by Bart De Win and Sebastien Deleersnyder at AppSec Europe 2014 in Cambridge
Mappings:
- BSIMM-V mapping to SAMM activities:
Tools:
- JavaScript visualization framework for SAMM on GitHub
Upcoming SAMM Meetings
We now have weekly SAMM - summit preparation calls on Wednesdays at 21h30 CEST / 3:30pm ET.
The current DRAFT SAMM schedule is available here: https://open-security-summit.org/tracks/owaspsamm/
Preparation notes: https://docs.google.com/document/d/1piN4De5FGVUqpC-Q_wabRxWfAbjfaF90bYYzugtJM3k/edit#
The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST.
Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
The call is open for everybody interested in SAMM or who wants to work on SAMM.
Previous SAMM Meetings
- 26 April 2017 - https://docs.google.com/document/d/1kWYlVoOY99W4MUyEimWXSV-wi77LaESxmTb6DEHf0mE/edit
- 12 April 2017 - https://docs.google.com/document/d/1nigqGPCfAeJ67_INkRrD0bZ80qN8479l3QgDBQrxNUw/edit
- 26 October 2016 - https://docs.google.com/document/d/1D1sQqJPk3ED6U1-5A26Ikr41g-RF-rtzmr8NfJlGAn0/edit (SAMMv2 call Policy&Compliance)
- 12 October 2016 - https://docs.google.com/document/d/1Yunexfvb9x49v3pyzhgmFaNffAL_UJGPgMYYCVBsnMc/edit
- 28 September 2016 - https://docs.google.com/document/d/1dWa8z-qVYGiOQBto5eOL03I4LqAVmK9r-2lnJiDm-vw/edit (SAMMv2 call Strategy&Metrics)
- 17 September 2016 - https://docs.google.com/document/d/1RR0M2Xc8y--KaxyhBsHXtpDDJz2zkDujXn4ZTC_E8KE/edit
- 31 August 2016 - https://docs.google.com/document/d/1uzWZ66xf6A478GxyYJiyfwq9FfWA_kOsj45Sqi9It5A/edit
- 10 August 2016 - https://docs.google.com/document/d/17yS1aP8wgsxkVeK9wcqLJMNA8eheLKptwZI7T6vAAqA/edit
- 13 July 2016 - https://docs.google.com/document/d/1WueehfPZpt4vpaRf5N1nNghSXNAH8gyQWQwgxd2t1Nw/edit
- 8 June 2016 - https://docs.google.com/document/d/1Yr8ihsI136hMTlbpoUIl12nrRSDTo1f-PiBlFu57o5U/edit
- 18 May 2016 - https://docs.google.com/document/d/1mUNj7P0lyFK9GEcInQ-2ozsi5awmQUtDbeC1A_wasg8/edit
- 11 May 2016 - https://docs.google.com/document/d/1R1AYXEsE5wmnfqnXEruJVqDxffl7qCT7ilcVxp0E3Ls/edit
- 13 April 2016 - https://docs.google.com/document/d/12MF3FzgXtiPC_MkTQfa5lUZJjfQGvRmh2viGa_wonBU/edit
- 6 April 2016 - https://docs.google.com/document/d/1dIZSXrEWYTH1-RXioyrJEuitehSsESjm1XPSRUCWKLE/edit
- 9 March 2016 - https://docs.google.com/document/d/1Idm7VqKVRU1gQE785WIyCb-ZRQrFwDCGj-ws_5jpISY/edit
- 17 February 2016 - https://docs.google.com/document/d/1YU3LATRFvBLUacpkpOGwpTHME_TeJhF5LzwCcaPYG7Y/edit
- 14 January 2016 - https://docs.google.com/document/d/1hCQRst1sUaXMmstTDJUzx-EPWtbkw7m4sE0GqbIBwJM/edit
- 9 December 2015 - https://docs.google.com/document/d/15qvefQpSOzsKoXKtIdOqgpp71vAMrcA_cSjEdjslVWk/edit
- 11 November 2015 - https://docs.google.com/document/d/1Bni3mWHM3wNcX8HpRVIcg5nRoe6Jos8k6Qqlr297PUY/edit
- 21 October 2015 - https://docs.google.com/document/d/1fNJav_2DPluaEPL7-CGSKU9WgXp_yxnhoUWvxuC1LYU/edit
- 7 October 2015 - https://docs.google.com/document/d/1bO_L30fk7MQtlcdFM5sqOyRWN6WcYZ2PMkppQMeXDnM/edit
- 23 September 2015 - https://docs.google.com/document/d/1unkouIo8DIY8ovvfB9bJwuRIoJvjIoLZevt3YtvJy80/edit
- 26 August 2015 - https://docs.google.com/document/d/1scQdHSv1sEOJrP43tz6vDl0GF1STClJbbYdm0YfpUAI/edit
- 12 August 2015 - https://docs.google.com/document/d/1GQBBfNVzBdMzFEjtT4VhtD4V4WYTbOLnpE2casrNA5o/edit
- 23 July 2015 - https://docs.google.com/document/d/1zf7Owyg-QByPcx8uylX_uImfLRcD7EZZ8A39IenHmUo/edit
- 15 July 2015 - https://docs.google.com/document/d/1GS-qHqhXQoHhQLmeDjeUO-bvgDZE174w6qUXq8wZjow/edit
- 17 June - https://docs.google.com/document/d/1oDKPwMXJNAJIqeuDCnPhuKpVhZTx2xfBcguHHwSnkDg/edit
- 10 June - https://docs.google.com/document/d/1vWMkdQe1HN2qU3GVZE5fvCfg-5j5XgMgHCOZEwNgkm8/edit
- 13 May - https://docs.google.com/document/d/1qaUqig6ucPb_kB0mSJ1Tmv7oJc9LF1Mem-oJrs-5XPM/edit
- 29 Apr 2015 - https://docs.google.com/document/d/1NwOZlX7dL-ADMTYZzN17qopmWCpwzbsqp47BxpLOiQw/edit
- 22 Apr 2015 - https://docs.google.com/document/d/1HNjIp6fBfhE72u8sOIkXpOmEoI7DlWKm_jUQ-ukIOvs/edit
- 15 Apr 2015 - https://docs.google.com/document/d/12uGomNwIMU_-WP5DRHv9KeOMufUNehULj_6cITv_rmM/edit
- 8 Apr 2015 - https://docs.google.com/document/d/1R2feB6u1tqMBx516GpTwfFssnnduOxeBwEsUrPoCvwI/edit
- 11 Mar 2015 - https://docs.google.com/document/d/1MKTbOsqtPRDBF4ghr-8UP_wmzYSlZXq8zZAN61B9nZY/edit
- 18 Feb 2015 - https://docs.google.com/document/d/1KnZDB2-0f2bYS4fwETEzCLP5y4FPS-TiHAnbCkO2hD0/edit
- 14 Jan 2015 - https://docs.google.com/document/d/1hTko3Bi56vI5DLj7BqjRsEwUw5QCGId4l1kg7htmVZM/edit
- 10 Dec 2014 - https://docs.google.com/document/d/1599hkupNaEquVIk-VbN1qGDOzfq1Rwo1zhXLmWmRUFA/edit
- 12 Nov 2014 - https://docs.google.com/document/d/1GbDmwYyymxw_IZYNSh8aI9tyvl0MhxMO5ErFPN8hNKg/edit
In 2015 we organized our first OWASP SAMM Summit in Dublin on 27-28 March, details here!
Summit Notes:
- 28 Mar 2015 - https://docs.google.com/document/d/1pC4har75olF1WPZaqRfXFG9T3SS_qoEUvHkEynE0iTI/edit
- Summit outcome is described here
"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company
Previous workshop Notes:
During the AppSec conferences, the SAMM project team organises workshops for you to influence the direction SAMM evolves.
This is also an excellent opportunity to exchange experiences with your peers.
If you plan on attending http://appsec.eu be sure to get involved in the SAMM workshop (scheduled on Jun-23).
- The agenda for the SAMM Workshop in Cambridge on 23-Jun-2014 is available here.
Previous workshop notes:
- The notes for the SAMM Workshop in New York on 21-Nov-2013 are available here.
- The notes for the SAMM Workshop in Hamburg on 21-Aug-2013 are available here.
Upcoming talks will be listed here:
- OWASP DC - Software Assurance Maturity Model (SAMM) with Brian Glas! (2017-03-15)
- OWASP NoVA - SAMM 1.5, what's changed and how it impacts you (2017-03-16)
- InfoSec World - Software Assurance Maturity Model Evolutions (2017-04-03)
Past talks:
- OWASP 24/7 - Seba Deleersnyder discussing the upcoming SAMM Summit (listen - here) - 2015
- OWASP Germany Day 2014: Seba Deleersnyder: OpenSAMM Best Practices: Lessons from the Trenches (download presentation) - 2014
- AppSecEU14: Seba Deleersnyder & Bart De Win: OpenSAMM Best Practices: Lessons from the Trenches (download presentation, see video) - 2014
- AppSecEU13 - Hamburg: Seba Deleersnyder presenting a project update (download presentation) - 2013
- OWASP Europe Tour 2013 - Geneva: Seba Deleersnyder presenting OpenSAMM and the renewed project (download presentation) - 2013
- AppSecEU11 - Athens: Colin Watson presenting SAMM Training (download presentation) - 2011
- AppSecEU09: Pravir Chandra presenting OpenSAMM v1.0 (download presentation) - 2009
- Matt Bartoldus presentation on new SAMM project during OWASP London chapter (download presentation) - 2009
- Pravir Chandra - first presentation discussing the next generation to the CLASP Project - a complete working of the details into a Software Assurance Maturity Model (SAMM) (download presentation) - 2009
Latest News on SAMM
- SAMM Summit 2016: read the wrap-up here
- OWASP SAMM v1.1 Released! See the Press Release.
- OpenSAMM v1.1 RC - available for review
SAMM is available in the following languages:
- English
- Spanish
- Japanese
Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the presentation. Hubert Grégoire and Sebastien Gioria created a French translation of the OpenSAMM 1.0 Overview presentation available for download here.
You can use Crowdin to help improve these translations or add new ones right now!
Project Roadmap:
Is available via this link
Release 1.1
The major features we are currently working on include:
- Add quick start guide
- Add tools & OWASP resources
- Add use cases, experience
- Revamp SAMM wiki
The date and exact items that will be included in 2.0 have not been finalized. The list of requested improvements is here
Involvement in the development of SAMM is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
Feedback
Please use the Mailing List for feedback:
- What do you like?
- What don't you like?
- How can we make SAMM easier to use?
- How could SAMM be improved?
Localization
Are you fluent in another language? Can you help translate SAMM into that language?
You can use Crowdin to do that!
SAMM Adopters
Current list of OpenSAMM adopters
SAMM is developed and maintained by a worldwide team of volunteers.
But we have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM:
Acknowledgements
We would like to thank the following sponsors who donated funds to our project:
This project has produced a book that can be downloaded or purchased. Feel free to browse the full catalog of available OWASP books.